Hi Guys,
I am trying to set up an IPsec site-to-site VPN with multiple endpoints at
the head end. To do that I should be able to terminate these VPNs on a
loopback address. I tried configuring it on the loopback, but even though the
tunnel sets up correctly, no traffic goes through the tunnel. But when I change
it back to a physical interface, it works without any issue with the same
configuration.
*Head end config*
hostname TEST_VPN_ASR
!
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
!
!
!
!
!
aaa session-id common
!
!
!
!
crypto keyring L2L_A
 pre-shared-key address 20.1.1.2 key test123
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp profile L2L_A
 keyring L2L_A
 match identity address 20.1.1.2 255.255.255.255
 local-address Loopback0
!
!
crypto ipsec transform-set Tra_L2L_A esp-3des esp-sha-hmac
!
crypto map crypmap 1 ipsec-isakmp
 set peer 20.1.1.2
 set transform-set Tra_L2L_A
 set isakmp-profile L2L_A
 match address 101
 reverse-route
!
!
!
!
!
interface Loopback0
 ip address 10.1.1.1 255.255.255.248
 crypto map crypmap
!
interface Loopback1
 ip address 10.1.1.9 255.255.255.248
!
interface Loopback2
 ip address 10.1.1.17 255.255.255.248
!
interface Loopback100
 ip address 200.200.200.200 255.255.255.0
!
!
interface GigabitEthernet0/0/0.100
 description #### Global Internet ####
 encapsulation dot1Q 100
 ip address 10.2.2.1 255.255.255.0
 crypto map crypmap
!
!
router eigrp 100
 network 10.0.0.0
!
ip route 0.0.0.0 0.0.0.0 10.2.2.2
!
logging esm config
access-list 101 permit ip 200.200.200.0 0.0.0.255 210.210.210.0 0.0.0.255
access-list 101 permit ip 192.168.0.0 0.0.255.255 any
!
!
!
Cheers
Sara
Received on Thu Nov 03 2011 - 18:00:35 ART